ARDvark parses Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.
☆36 · Jun 1, 2023 · Updated 2 years ago
Alternatives and similar repositories for ARDvark
Users that are interested in ARDvark are comparing it to the libraries listed below
- Parsers for common structures across Windows formats. ☆12 · Aug 23, 2023 · Updated 2 years ago
- Queries for parsed Spotlight database in SQLite ☆13 · Dec 29, 2020 · Updated 5 years ago
- Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information. ☆22 · Oct 31, 2018 · Updated 7 years ago
- Registry to JSON. This project is for learning purposes and is not maintained. ☆12 · Dec 28, 2021 · Updated 4 years ago
- Simple CLI utility to save off an image from every webcam hooked into a Mac ☆14 · May 20, 2021 · Updated 4 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is… ☆17 · Jan 31, 2021 · Updated 5 years ago
- pollen - A command-line tool for interacting with TheHive ☆36 · Jun 6, 2019 · Updated 6 years ago
- A DFVFS Backed Forensic Viewer ☆42 · Apr 13, 2020 · Updated 5 years ago
- ☆24 · Aug 30, 2019 · Updated 6 years ago
- USN to JSON ☆22 · Apr 4, 2020 · Updated 5 years ago
- lnk_parser is a full Rust implementation to parse Windows LNK files ☆23 · Feb 17, 2026 · Updated last week
- Wrapper for TSK (Sleuth Kit) Bindings ☆12 · Jan 10, 2023 · Updated 3 years ago
- RisingSun: Decoding SUNBURST C2 to identify infected hosts without network telemetry. ☆10 · Jan 14, 2021 · Updated 5 years ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" ☆11 · Feb 6, 2025 · Updated last year
- Help deobfuscate VBScript ☆18 · Jul 1, 2022 · Updated 3 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus… ☆42 · Sep 21, 2023 · Updated 2 years ago
- [⛔️ Deprecated] Venator is a Python tool used to gather data for proactive detection of malicious activity on macOS devices. ☆177 · Jul 1, 2020 · Updated 5 years ago
- ☆110 · May 14, 2018 · Updated 7 years ago
- exploit on macOS 10.11.x ☆13 · Mar 22, 2019 · Updated 6 years ago
- ☆12 · Aug 10, 2019 · Updated 6 years ago
- ☆11 · Jun 30, 2016 · Updated 9 years ago
- Collection of Nmap scripts ☆10 · Nov 27, 2015 · Updated 10 years ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser ☆14 · Jan 9, 2023 · Updated 3 years ago
- Hundred Days of Yara Challenge ☆12 · Jun 21, 2022 · Updated 3 years ago
- ☆53 · Oct 20, 2020 · Updated 5 years ago
- Loads a program into a memfd and runs it. ☆11 · May 22, 2022 · Updated 3 years ago
- WMI SA stuffs ☆30 · Apr 18, 2022 · Updated 3 years ago
- Bro PCAP Processing and Tagging API ☆28 · Nov 9, 2017 · Updated 8 years ago
- A Canary which fires when uninstalled ☆34 · Mar 16, 2021 · Updated 4 years ago
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit. ☆13 · Sep 9, 2020 · Updated 5 years ago
- ☆28 · Aug 10, 2019 · Updated 6 years ago
- Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data ☆13 · Jul 16, 2019 · Updated 6 years ago
- Slides from my AD Privesc talk at WAHCKon 2017 ☆16 · May 6, 2017 · Updated 8 years ago
- A JXA script for enumerating running processes, printed out in a JSON, parent-child tree. ☆14 · Jan 28, 2022 · Updated 4 years ago
- Indicators of Normality ☆11 · Jul 22, 2022 · Updated 3 years ago
- NTFS file system specimens ☆13 · Jul 3, 2023 · Updated 2 years ago
- Capture all RabbitMQ messages being sent through a broker. ☆32 · Feb 13, 2021 · Updated 5 years ago
- Tools for macOS Forensic Bootable media ☆15 · May 20, 2020 · Updated 5 years ago
- Various scripts for macOS tasks ☆141 · Nov 24, 2025 · Updated 3 months ago